ON THE ITERATIONS OF CERTAIN MAPS x ^ k ■ {x + x'^) 
OVER FINITE FIELDS OF ODD CHARACTERISTIC 

S. UGOLINI 
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Abstract. In this paper we describe the dynamics of certain rational maps 
of the form k ■ (x + x~^) over finite fields of odd characteristic. 



1. Introduction 

The dynamics of rational maps over finite fields has drawn the attention of some 
investigators over the last years. Our first work in this area was 0, where we 
studied the iterations of the map ??(x) — x + x^^ over finite fields of characteristic 
two relying upon the relation between i? with an endomorphism over Koblitz curves. 
After this first work we attempted at a possible description of the dynamics of f? 
over finite fields of odd characteristic. In general it seems that the behaviour of 
the map i) over finite fields of odd characteristic is chaotic and at the moment a 
thorough description of its dynamics seems out of reach. Notwithstanding, there are 
two remarkable exceptions. In [3] we gave a complete description of the dynamics 
of -d over finite fields of characteristic three and five, being in characteristic three 
the map 'd conjugated with the square map and in characteristic five related to an 
endomorphism of the elliptic curve with equation y'^ — x^ + x. 

In this paper we address the problem of studying the iterations of certain rational 
maps which are obtained by a slight modification of the map ■(?, namely maps of 
the form fc • (a; + x^^), where A: is a non-zero element of a prime field. 

If p is an odd prime and g is a p-power, then, for any fc G F* we can define a 
map ■d]^ over the projective line P^(Fg) = Fg U {oo} as follows: 



^^. 



CXD \i X — CXJ, 

fc • (x + x^^) otherwise. 



As in ^ and [4J it is possible to associate a directed graph G^ with the map 
•dk over the finite field F^. More precisely, we can label each node of G\ by an 
element of P-^(Fg) and connect with an arrow the nodes a and /3 if /3 = '&k{p)- We 
say that an element 7 of G\ is i?fe-periodic if '&\(c{) = 7 for some positive integer 
I. Moreover, we notice that an element 7 which is not i^^-periodic is pre-periodic, 
since ^^(7) is periodic for some positive integer s. 

We can notice some properties of the digraph G\ : 

• the indegree of a node /3 of any G| can be 0, 1 or 2. In fact, if /3 e F^, 
then there exists a € Fg such that "Qkia) = /3 if and only if there exists 
a root a in Fg of the quadratic polynomial pk{x) — kx^ — jBx + k. In 
particular, we notice that the indegree of /3 is 1 exactly for /3 — zL2k, since 
the discriminant of p^: is /?^ — Ak^; 

• any connected component of G^ is formed by a cycle, whose elements can 
be viewed as roots of reverse binary trees. 
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Constructing some digraphs G^ one can notice that their structure is not partic- 
ularly symmetric. Nonetheless, in the following three cases they present remarkable 
symmetries. 

(1) Case 1: k = ±— (modp). 

(2) Case 2: if p = 1 (mod 4), then k G {?'i,?'2}, where ri,r2 are the roots in 
Fj, of the polynomial x^ + - G Fp [x] . 

(3) Case 3: if —7 is a quadratic residue in Fp, then k G {^'^^i ^^T^}' 'where 
uj^TD are the roots of the polynomial x^ — x -\- 2 €Yp[x\. 

Any of the three cases will be discussed in the following sections. Briefly, in case 

1 we will rely upon the fact that ■(? i is conjugated with the square map, while cases 

2 and 3 will be studied based upon the fact that in these cases the maps 1?^ are 
conjugated with endomorphisms of certain elliptic curves. 

2. Case 1: k = ±- (mod p) 

Let Fq be a finite field with q elements, where q = p^ for some odd prime p and 
positive integer n. 

The iterations of the map di over P^(Fq) can be studied relying upon the 
consideration that fJi is conjugated to the square map. Indeed, 

(2.1) ^1 ^Vi °S2O'0i, 

where S2 and ■0i are maps defined on P^(Fg) as follows: 



s,{x)=r ^;;"^^'" ^l,^{x) 



■^+i ifa;GPi(F,)\{l,oo}, 



oo if. = oo, '^^^^^=11 if- = oo, 

if a; = 1. 

The iterations of the map -di have been studied in [5]. 

As regards the map d_i, the iterations of this latter map can be studied con- 
sidering that 

(2.2) ^_i =i>i os_2oV'i, 

where s_2 is the map defined on P^(Fq) as follows: 

a;-2 ifxGP;, 
s^2{x) = ■^ li X = oo, 
cxD if x = 0. 



3. Case 2: fc^ = -i (mod p) with p=l (mod 4) 

This and the following section have been inspired by [2j, pages 110 and 111, but 
what follows will be as far as possible self-contained. 

Let p be a prime such that p = 1 (mod 4) . The quadratic equation 

(3.1) a;^-2a; + 2 = 

admits two distinct roots in Fp, since its discriminant is equal to —4, which is a 
quadratic residue in Fp. Denote by a^j and azj the roots of p.ip . set k^^ — aj^ and 



k— ~ ajj . The two maps 

ek^\x,yj = few- , — y- 

\ \ X J a^ 

\ \ X ) azj 

are endomorphisms of the ehiptic curve 

-B : y^ = a;^ + a:: 

over Fp. 

Hence, we can study the iterations of the maps du^ and "d]^ taking into account 
the fact that 

ek^ix,y) = i'dk-{x),-^-y 5— 

In particular, being k'^ = k^~ —- (mod p) and k^ = —ku (mod p), we get that 

Since the endomorphism ring of the elhptic curve defined by j/^ = x^ + x over Q 
is isomorphic to Z[i] (as one can deduce from Proposition 2.3.1 of [2]), by Deuring's 
reduction theorem the endomorphism ring End(-E) of E over Fp is also isomorphic 
to R — Till], which is euchdean with euchdean function 

N{a + bi) =a^ + b^, 

for any arbitrary choice of a, & in Z. 

In R we have that 2 = (l + j)-(l — i). Hence, in R we can represent the two 
endomorphisms e^^ and efc_ by w = 1 + i and uJ = 1 — i respectively. 

Let a £ {uj,lJ}. We fix once for all the current section a = uj or a = lJ and study 
the structure of the graph G^ . 

Firstly we partition the elements of P^(FpTi) in two subsets: 

A„ — {x e Fpn : (a;, y) £ E{Fp,^) for some y G Fp^} U {00}, 
Bn = {x e Fpr. : (x, y) € -E'(Fp2„) for some y G Fp2,i\Fp,>}. 

The following holds. 

Lemma 3.1. Let x e Fpn. Then, in E(Fp2,t) there are exactly two rational points, 
(i, y) and (x,—y), with such an x-coordinate except for 

being ip and —ip the two square roots of —1 inFp. 

Proof. The thesis is immediate if we notice that the equation y^ — x^ + x has 
exactly two distinct roots yi and y2 in Fp2n unless x^ + x ~ 0. D 

We prove the following useful result. 

Lemma 3.2. The map "dk^ o,cts separately on the sets An and Bn, namely, if 
X G P"'^(Fpn), then "dk^ijc) G An if and only if x £ An. 
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Proof. If a; = oo, then -dk^ (x) — cx) and we are done. 

If a; G An\{oo}, then there exists y £ Fpn such that {x,y) e E{Fpn). Therefore, 
ekAS:,y) G E{Fpr.) and i?fc„ (i) G A„. 

Consider finally an element x G -B„. Since {'&k^{x),yi) and {■dk^{x),y2), with 

% = (-IF- — -y-^^, forjG{l,2}, 

are the only rational points in E(Fp2n) having 'dk^ix) as x-coordinate and y ^ Fpn, 
we conclude that any yj is not in Fp^ and that 'i9fc^(a:) G i3„. □ 

We remind that among the endomorphisms of E we find the Frobenius endo- 
morphism TTp, which takes any rational point {x,y) of E(Fpn) to {x^,y^). By [6], 
Theorem 2.3(a), we have that there exists an isomorphism 

xPn-E{Fpr.)^R/{n^-l)R. 

Moreover, by [S], Theorem 2.4, the representation of TTp as an element of R is 

p + 1 — 771 + V« 
^P = ^ ' 

where 

m = \E{Fp)l 
d — (p + 1 — m) — Ap. 

By means of the isomorphism ^n we can study the iterations of the map "dk^ on 
An and i3„ relying upon the endomorphism e^^ which is represented by a in R. 
Before dealing with the iterations of "dk^ on i?„, we introduce the subset 

^(Fp2„)B„ = {{x,y) G ^(Fp2„) -.xeBn) 

oi E(Fp2n) and prove the forthcoming technical result. 

Lemma 3.3. Let {x,y) G E{Fp2n). Then, {x,y) G E{Fp2n)B^ if and only if 
7i"p (i, y) = {x, -y) and y 7^ 0. 

Proof. If {x,y) G i?(Fp2„)s„, then x G Fp^. Therefore, J^" = a; and 7rp(a;,2/) = 
{x,y'P ). Since {x,y) and {x,—y) are the only points in _E(Fp2,i) with such an x- 
coordinate and y ^ Fp^ by definition of the set i3„, we conclude that y^" = —y. 
Hence, TTp{x,y) = {x, —y). Moreover, since y ^ Fpr., we deduce that y ^ 0. 

Vice versa, suppose that ■np(x,y) — {x,—y) and y ^ 0. Then, x G Fp^. Since 
y G Fpn only if y^ — y and by hypothesis y^ = — y, we conclude that y G Fpn 
only if y = — y, namely only if 2y = 0. Since y ^ 0, we conclude that y G Fp2„\Fpn 
and X G -B„. □ 

We remind that, whichever the positive integer n is, the 3 rational points (x, y) G 
E{Fp,^) with y = are: 

Zi - (0, 0) , Z2 = (ip, 0) , ^3 = [-ip, 0) . 

With the notation till now introduced and in virtue of Lemma 13.31 the following 
holds. 

Corollary 3.4. There exists an isomorphism 

i^n ■■ £^(Fp2„)s„ U {Zi,Z2, Zs, 0} -^ i?/(7r; + 1)R, 

being the point at infinity of the curve E. 



Proof. By the aforementioned Theorem 2.3 of [5], 

E{Fp2„)-R/{TTl^-l)R. 

Denote by V'2n the isomorphism between E(Fp2n) and R/{Tri"' — 1)R and by (i, y) 
a rational point of E{Yp2ii) different from the point at infinity. We have that 
TTp{x,y) = (i, — y) if and only if {x,y) € E{Fp2r,)B„ or y = 0. Since this latter is 
equivalent to saying that {x, y) G {Zi, Z2, Z3}, we get the thesis. D 

All considered we can study the graph GJJ^ separately on the elements of An 
and Bn- 

Suppose that tt" — 1 (resp. tt" + 1) factors in R as 

(3.2) -"•ffipr)-f n -A^ 

where 

(1) any e^ is a non-negative integer, for < i < w; 

(2) 7V(w'=«) =2'=«; 

(3) for 1 <i <v the elements pi S Z are distinct primes of R and N{pl' ) = p^'^*; 

(4) for u + 1 < i < w the elements r^ G i?\Z are distinct primes of i?, different 
from uj and ZU, and N(r'j^') — p^', for some rational integer pi such that 

For the sake of clarity we define, for < i < ti;, 



UJ 


if i = 0, 


Pt 


if 1 < i < w. 


n 


iiv + l<i<w 



As a consequence of the factorization (13. 2p the ring i?/(7r" — 1)_R (resp. i?/(7r" + l)i?) 
is isomorphic to 

to 
(3.3) S = l[R/pr^R. 

4=0 

As regards the additive structure of the quotient rings involved in p.3p . we notice 
the following. 

• The additive group of R/u!^°R is cyclic of orders 2^". Hence, there are 
(p{2'^°) elements in R/uj^°R of order 2''°, for each integer < ho < bq. 

• For any i G {1, . . . , w} the additive group of R/p^^R is isomorphic to the 
direct sum of two cyclic groups of order p^' . This implies that, for each 
integer < hi < Ci, there are iV^. elements in R/pl'^R of order p^ ' , where 

AT ^ / 1 if ^^ = 

'*' [ Pj2/i, _p^2(h.-i) otherwise. 

• For any i G {f + 1, . . . ,10} the additive group oi R/r^^R is cyclic of order pj\ 
Hence, there are ip{pi^) elements in R/r1^R of order p/% for each integer 
< hi < Ci. 

If {x,y) is a rational point of E{¥pi^) (resp. E{Fp2n)B^)^ then we write -P(a:,y) 
for the image oi {x,y) in S. 
Now we define the sets 

Zi = {0,1,..., Bi}, for any Q <i <w 

and 



H = Y[Z, 



i=0 
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Definition 3.5. Let P = {Pa, Pi, ...,Pw)<eS. 
Then, we define h^ = (Hq , /if, . . . , h^) in H if 

• Pq has additive order 2^" in S; 

• each Pi, ioT 1 < i < w, has additive order p^ * in S. 

Moreover, we define o{P) = (o(Po),o(Pi), . . . ,o(P^)), where o{Pi) denotes, for 
any < i < w, the additive order of Pi in S. 

The foUowing two lemmas furnish a characterization of ?9fe^ -periodic elements. 

Lemma 3.6. Let x G An (resp. Bn) he -dk^ -periodic. Then, one of the following 
holds: 

• X = oo; 

• X is the x-coordinate of a rational point {x,y) G E(Fpn) (resp. E(Fp2n)) 
such that P[i,y) = {Po, Pi, ■ ■ ■ , Pw), where Pq = 0. 

Proof. If a; = oo, then x is z?^^ -periodic. 

Suppose now that x G A„\{oo} (resp. P„). Then, {x,y) G EiYpn) (resp. 
E{Fp2n)B^) for some y in Fp^ (resp. Fp2n). Moreover, a^P^^y-^ = ±P(j.y-^ for some 
positive integer I. In particular, (cr' ± l)Po = 0. Since cr does not divide (ct' ± 1), 
we have that Pq = 0. D 

Lemma 3.7. Let P = (Pq, Pi, ... , Pw) be a point in S such that Pq — and denote 
by li, for any < i < w, the smallest among the positive integers s such that either 
a' ■P^=P^ ora' ■P, = -P,. 

Let I' — lcm(Zo, h, . . ■ ,lw) o,nd denote by I the smallest among the positive inte- 
gers s such that cr*P — P or a'^P = —P. 

Then, for any i we have that li is the smallest among the positive integers s such 

that Pj * divides either cr" + 1 or a^ — I in R. Moreover, I is determined as follows: 

, \ I' if either p^ ' | (cr' +1) for all i or p^^ | (cr' — 1) for all i, 
I 2Z' otherwise. 

Proof Fix a i such that < i < w. If P; = 0, then h[ = 0, /i = 1 and p° = 1 
clearly divides both a''^ -\- 1 and cr'' — 1. Suppose now that Pj y^ 0. We notice that 

o{Pi) ■ Pi — and that, whichever i is, gcd(/9^', o(Pj)) = Pi' . Therefore, 

P^ I P^■ 



gcd(pr,o(P.)) 

h'' . . . 

Hence, if s is a positive integer such that p^ ' divides either o"' + 1 or cr* — 1, then 

p^* ^ Pi"- ■ pI"^ ' divides cither (a'' + l)Pj or {a'' - l)Pi, 

namely 

(T^-P, = P, or a'■P^^-P^. 
We can therefore conclude that U is also the smallest among the positive integers 

s such that p^ ' divides either cr* + 1 or cr* — 1 in R. 

Since a^P = P or a^P = — P, we have that either cr\Pi) = Pi for all i or 
cr^{Pi) = —Pi for all i. Then, I must be a common multiple of all li. In fact, 
suppose that for some < i < w 

\ I ^ h ■ Qi + t^ 

\o<t, <k 

for integers qi,ti. Then, 

a'P, = a'-«*+*'(P,) = a*-(±P,) = ±P,. 



By definition of k we conclude tfiat i,; = 0. Hence, k \ I and I' \ I. Since a' (Pi) = 
ztPi for any i, we get the thesis. D 

The following holds. 

Lemma 3.8. Let xq e Fpn be 'dk^-periodic, s a positive integer and Xg — if^. (xq). 
Let (xo^yo) S E(Fpn) (resp. E{Fp2n)B^) for some j/o G Fp" (resp. Fp2n) and 
{xs,ys) e E{Fp^) (resp. E{Yp2,^)B,J for some y^ € Fp>^ (resp. Fp2„j. // Q^^^ = 
P(xo,ya) "''^d Q^") = P{x,,y,), then h^ = h^ ' . 

Proof. Since Xs = ^ijxo), we deduce that Q^'') = ±a'Q^°\ Therefore, if Q(") = 
((^^:Ql''^•■•.<^-^)- then Q(^) = ±(a^Q(°\...,a^QL°^). For any i 7^ we have 
that a^ and pi are coprime. Therefore, for any such i, we have that h^ — h^ 
Finally, Qq — 0, implying that h^ — h^ —0. Therefore we can conclude that 

If x e P^(Fpn) is i?fe^ -periodic, then we denote by 

the cycle of x with respect to the map i9fc^ . 

In virtue of Lemmas 13.71 and 13.81 we can give the following definition. 



Definition 3.9. If h = {Hq, hi, . . . , h^) E H, then Ch denotes the set of all cycles 
(x)^ of GS formed by the elements x £ An (resp. Bn) such that exactly one of 
the following holds: 

• a; = 00 (and h — (0, 0, ... , 0)); 

• (x, y) G E(Fp,t) (resp. E{Fp2,^)B„) for some y € Fp,^ (resp. Fp2n) and 
/i^(x,«) = h. 

Moreover, by Ih we denote the length of the cycles formed by these points, by Ca„ 
the set of all cycles in graph A„ and by Cb„ the set of all cycles in graph i?„. 

The following holds. 

Theorem 3.10. Let Ha Q H he the set formed by all h E H such that ho — 
and Hb Q H the set formed by all h E H such that /iq = and hi ^ for some 
\ < i < w. 

With the above notation, 

Ca^ = U Ch and Cb„ = U ^"^ 



Moreover, 

\Ck\ 



1 if h E Ha and hi = 0, for all Q < i < w , 
Nil in all other cases, 



where 



^>^ - w- ^^2"") ■ ( n^'- ) • ( n ^(p^'n ■ 

Proof. Let us analyse separately the different cases. 

• Let (x)^ E Ch for h E Ha with all hi = 0. Then h = h^ , where all 
Pi = 0. Therefore, £ = 00 and \Ch\ — 1. 
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Let (i)^ e Ch for some h e Hb or ft, e i/^\{(0, . . . ,0)}. Then, {x,y) and 
[x, —y) are the two rational points of E{Fpn) (resp. i?(Fp2„)B„) with such 
a x-coordinate. The length of the cycle (x)^ is Ih, being Ih as explained in 
the current paragraph. We notice that h^i^-y> = h. Moreover, the number 
of points Q in S* such that h'^ = h is 



We conclude that 



hi-. 

2 — ^+1 






n 



In the following we will denote by Va^ (resp. Vb„) the set of the i?/c^ -periodic 
elements of A„ (resp. -B„). Before proceeding with the description of trees rooted 
in vertices of Va„ and Vb„ we notice that, according to [T], 

Rja^^R = J Zl -^^ • {a\ : J, = or 1 I . 

The following theorem characterizes the reversed trees having root in Va^ (resp. 

Theorem 3.11. Any element xq G Va„ (resp. Vb„) is the root of a reversed binary 
tree of depth cq with the following properties. 

• If Xq ^ oo, then there are [2'""^] vertices at the level r < cq of the tree. 
Moreover, the root has one child, while all other vertices have two children. 

• If Xq = c», then there are [2'""^] vertices at the level r < cq of the tree. 
Moreover, the root and the vertex at the level 1 have one child, while all 
other vertices have two children. 

Proof. For a fixed element xq S Va„ (resp. Vb„), let P — P(xo,yo) G 5" be one of 
the at most two rational points with such an x-coordinate. An element x^ € Fpn 
belongs to the non-negative level r of the reversed binary tree rooted in xq if and 
only if 

• t?^ (xr) 7^ 2:0 for any integer s with < s < r; 

• none of the ^^ (xr) is "iJfc^ -periodic for any integer s with < s < r. 

Since Xr G An (resp. Bn), there exists yr G Fpn (resp. Fp2n) such that {xr,yr) G 
ii;(Fpn) (resp. E{Fp2r,)B„). Moreover, if Q = Q{x^,y^), then Qo ^ and cr'Qo = 0. 
Therefore, r < bq. 

For a fixed non-negative integer r we aim to find all points Q in S such that 

(1) [aYQo = and [a]'-iQo ^ ; 

(2) [aYQ, = Pi for all i ^ 0, or [a^Qi = -Pi for all i ^ 0. 

The first condition is satisfied if and only if 

ep- l 

(3.4) Qo^lap-r^ J2 Sda]\ 

i— eo— r-4-l 

where each 6i G {0, 1}. 

The second condition is satisfied if and only if one of the following holds: 

• Qi = M^'Pi, for aU i; 
""Pi, for all i. 



Hence, fixed the values of 6i for cq ^ r + I < i < cq ^ I, tliere are at most two 
possibilities for Q, namely Q*^^^ and Q*-^-' with 

qI,^^ = Qo and gf ^ = [cr]-''Pi for all i ^ 0, 

q[,2) ^ Q^ and gf ^ = -M^^'Pj for all i ^ 0. 

Therefore, for a fixed positive integer r there are 2"^ points Q — Q[xr,yr) ^^ ^ such 
that Xr belongs to the level r of the tree rooted in xq , provided that not all Pi are 
equal to zero (in which case xq = oo). We notice that (xr,yr) and {xr,—yr) are 
the only rational points with Xr as x-coordinate. Moreover, 

^{Xj^.yr) / ^{Xr.Vr) ^(Xr, — yr)^ 

provided that not all Pi are equal to zero for i ^ Q. Hence, for any x <E Va„ different 
from oo there are 2^~^ vertices at the level r of the reversed binary tree rooted in 

Xq. 

If all Pi are zero, then xq = oo. In that case the points Q^^-* and Q'^-* as 
above coincide. This fact implies that, for any positive integer r, there are 2'""^ 
rational points Q = Q(x,.,y,.} such that Xr belongs to the level r of the tree rooted 
in Xq. Moreover, Q = Q(^xr-,yr) ^^'^ ~Q ~ Q(x,.,-yr-) have the same z-coordinate 
and Q ^ — Q, unless Qo = [cr]*^""^. This latter happens if and only if Xr belongs to 
the first level of the tree rooted in xq. This amounts to say that there are [2''"^] 
vertices at the level r of the tree. 

Consider now an element Xr belonging to the level r < eq of the tree rooted in xq. 
Then, x^ is the ^-coordinate of a point Q vn S with Qo as in (j3.4p or Qo = 0. The 
equation -d^^ [x) — Xr has at most two solutions xi and X2 in Fpi. . The elements 
xi and X2 are the x-coordinate of two rational points Q^^-* and Q^^^ of S with 

_ eo-2 

eo-2 
)(2) _ Meo-r-1 I V^ A. , , r^P J- r^ieo-1 



Q^P = H^"-'^-^+ E 



^i[^\ 



l(l) _ /=i(2) 



= [cr]-iQ, for alli^Q 



and 



[a]Q(i) = HQ(2) = Q. 
As regards the number of children of the vertices of the tree, the following hold. 

• If r = 0, then just xi belongs to the tree, proving that xq has one and only 
one child. 

• If r > 1 and at least one of the Pi is non-zero, then Q^^' ^ —Q^'^\ Hence 
Q^^^ and Q^^^ correspond to rational points having different a;-coordinates. 
This implies that each vertex at non-zero level r of the tree rooted in xo 7^ oo 
has two children. 

• If r = 1 and all Pi are zero, then xq — 00. Moreover, Qg ' = — Qo and 
also Q^-^^ = — Q*-^'. Hence the only vertex at the level 1 has exactly one 
child. 

• If r > 1 and all the Pi are zero, then Q*-^' ^ — Q^^'. Hence, all the vertices 
at the levels r > 1 of the tree rooted in 00 have two children. 

n 

4. Case 3: fc G {^^7 ^T^} with uj,uJ roots of x^ - a; + 2 
In [2], Proposition 2.3.1, (iii) the author shows that the elliptic curve with equa- 
tion y"^ — x^ — 35a; + 98 has endomorphism ring equal to Z 2 ■ ^"^ particular. 
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the curve possesses an endomorphisni of degree 2, namely the map [a], which maps 
a point (x, y) of the curve to 



2, 7(l-«)4\ ^ , Y^ , 7(1 -a) 



[a]{x,y)= [a [x- \ .^ \ ] ,a ''y[l + 
being a — 



x + a^-2j \ {x + a^ -2) 



2 
If p is an odd prime such that 

(4.1) PEE 1,2 or 4 (mod 7), 

then the eUiptic curve with equation y^ = x^ — 35x + 98 has good reduction modulo 
p. Hence, from now on we suppose that p is a fixed prime number as in (j4.ip and 
we denote by E the elliptic curve with equation 

y"^ =x^ - 35x + 98 

over Fp. Being —7a quadratic residue in Fp we also get that 

(4.2) x^ -x + 2^0 
has two solutions w, w in Fp, namely 

i + \/^ _ 1- V^ 

^ = ;; 1 ^ = 7. ■ 

2 ' 2 

Fixed a positive integer n and set q = p"', we want to study the iterations over 
P^(Fq) of the maps -dk^, for a G {uj,uJ}, where 

(4.3) k^ = — - — (modp), kzj= — - — (modp). 

We notice in passing that kuj and kj^j are the two roots in Fp of the quadratic 
equation 

(4.4) a;2 + la: + i - 0. 

Now we show that any map "dk^ is conjugated to the respective map r]k^ defined 
over P-^(Fq) as follows: 



Vk„ (x) 



Before proving this fact, we notice that the maps rj^^ are involved in the definition 
of two endomorphisms of the curve E, namely the maps e^^ which take a rational 
point {x,y) in E{Fq) to 

. ^ f / ^ 1 A 7 -(1-^)4 

e.„ {X, y) = (v.. {xh^-y[l+ (^_^^._2), 

The fact that any map iSk^ is conjugated to the respective map rjk^ enables us to 
study the iterations of the former maps relying upon the action of the endomor- 
phisms Cfe^ on the rational points of the curve E. 

With the aim to prove the conjugation between the maps dk^ and r]k^ we set 

5 1 - + k 

ba = k^ + - (modp), c^ = - ^^ (mod p), d^ = ^— -^ (mod p) 
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and define two bijective maps Xk„ on P^(Fg) in such, a way: 



XfecT 



X I— > 



The inverses of the maps Xk„ are 



^fea 



l-^- 



• 1 


if X = OO, 


Ca 

OO 


■ r da 
it X = , 


x + ba 

, CcrX + da- 


Ca 

in all other cases. 


OO 


it X = — , 


_da_ 


Ca 

if X = OO, 


Ca 
daX - ha 


in all other cases. 



-CaX + 1 

With the notation just introduced we can prove the following technical result. 
Lemma 4.1. For any x G V^iYq), 
(4-5) Xkl ° Vk„ ° Xfc„ {x) = ^k„ {x). 

Proof. As a first step, we notice that cr^ = 2fcc, — 1 (mod p). Therefore, 

1 / 14-(3fc^ + l)^ 



Vk (x) - 

Taking into account the fact that /c~ = 



1 



1 



(mod p) , we have that in Fp [x) 



Vk„ o Xfc„ i^) 
Since in Fp{x) 



{56ka + 28) ■ x^ + {-SAkg + 98) ■ x + (56fc^ + 28) 
{8ka - 12) • x2 + {-20ka + 2) • X + (8A:^ - 12) ' 



we get the thesis. 



(42fc„ + 7) 



(42A:„ + 7) _ 



{-lAka + 35)x 



/Cn- ■ 



D 



According to Lemma l4Tl any of the two maps 'dk„ is conjugated to the respective 
map rjk^ ■ Therefore, since the graphs G^ are isomorphic to the graphs G^^ , we 
will concentrate on the study of these latter graphs. 

4.1. Structure of the graphs GJJ^ . As a first step in our study, we remind 



that End(i?) is isomorphic to i? = Z [w], where lo = — 
euclidean with euclidean function 



We notice that R is 



N{a + hio) = (a + buj) ■ (a + buj), 

for any arbitrary choice of a, & in Z (here (•) denotes the complex conjugation). 
Now we partition the elements of P^(Fpi. ) in two subsets: 

An — {x e Fpn : (x, y) € E{Fp,^) for some y € Fpn} U {oo}, 

Bn = {x e Fp. : (x, y) € £;(Fp2„) for some y e Fp2,.\Fp.}. 

Before proceeding we prove the following useful remark. 

Lemma 4.2. Let x e Fpn . Then, in E(Fp2n) there are exactly two rational points, 
(x,2/) and [x,~y), with such an x-coordinate except for 

X e {-7,a; + 3,w + 3}. 
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Proof. For a fixed value x E Fpn, the equation y^ = x^ — 35x + 98 lias exactly 
two distinct roots j/i and j/2 in Fp2n except in the case that x makes vanish the 
polynomial 

x^ -~ 35a; + 98 = (a; + 7) • {x^ -7x + 14). 
Since the set of roots of this latter polynomial is 
7 + \/^ 7 - xT^ 1 



V^ = (-ir-TI-;/- 1+ . 1^_;,J . for.7e{l,2}, 



we get the thesis. D 

We prove two useful technical results. 

Lemma 4.3. The maps rjk^ act separately on the sets An and Bn, namely, if 
X G F^{Fpn), then r]k^{x) G A„ if and only if x E An- 

Proof. Let a € {w,w}. 

For x in P^{Fpn)\{—a^ + 2,oo} we have that r]k^{x) £ Fp^. 

If a; = oo, then rjk^ (x) = oo and we are done. 

If a; = —a^ + 2, then x G A„ and the same holds for r]k^{x) = oo, since in this 
case x^ - 35x + 98 = 0. 

Take now x e j4„\{— cr^ + 2,oo}. By definition there exists y G Fp»i such that 
ix,y) e E{Fpn.). Therefore, ek„{x,y) G ^^(Fp^) and r]k,{x) G A„. 

Consider finally an element x € Bn- Since {rik„{x),yx) and (ryfc^ (a;), j/2), with 

^ / 7-(l-g)^ 

cr3 ■ ^ ■ (^ + (a; + 0-2 - 2) 

are the only rational points in _E(Fp2n) having such a x-coordinate and y ^ Fpn, 
we conclude that any yj is not in Fpn and that rik^{x) G i?„. □ 

Lemma 4.4. The following hold. 

• Vk^i-''') = cr + 3; 

• ?7fe^(uJ+3) =^ 00; 

• ?7fcj^(a; + 3) = 00; 

• Vk^ (x) ^ X if and only if x £ {cr + 3, — 2(j + 1, 00}. 

Proof. All assertions can be checked by direct computation and in the following we 
will present some of them. Basically, we have just to take in mind that 

(T^ - cr + 2 = and u; + uJ = 1 . 

Let us begin with the first assertion. 



-7 + cr2 

1 _ivr-7-^^^-^ 



4 47 V cr-11 

4 4/ V ^ V 112 56 

= cr + 3. 

As regards the second and the third assertion, they follow from the fact that 

x + uj'^-2 = forx = uJ+3, 

X + w^ - 2 = for X == w + 3. 
Finally, r]k^ (x) = x if and only if x = 00 or 

CT^ • (X + O-^ - 2) • f]k^ (x) = cr^ • (x + (T^ - 2) • X. 
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After some algebraic manipulations we get that this latter is equivalent to the 
quadratic equation 

{-a + 3)-x^ + (6(T - 10) • x - (21cr - 7) = 0, 

whose roots are a + 3 and — 2(7 + 1. D 

We remind that among the endomorphisms of E we find the Frobenius endo- 
morphism tTj,, which takes any rational point {x,y) of E{Fpn) to (xP,yP). By [B], 
Theorem 2.3(a), we have that there exists an isomorphism 

Moreover, by [B], Theorem 2.4, the representation of tt^ as an element of R is 

p + 1 — ni + yd 
^P = ^ , 

where 

m = \EiFp)l 
d = (p + 1 - m)^ - 4p. 

By means of the isomorphism ■(/;„ we can study the iterations of the maps rjk^ on 
An- In fact, by definition, x £ An if and only if {x, y) e E{Fpn) for some y e Fpn. 
Moreover, 

2 = Cfc^ o efc^, 
being 2 the duplication map over the curve E. Since in R 

2 — LO -u, 

we get that the endomorphisms e^^ and efc_ are represented in Rhy uj and oJ. 
Before dealing with the iterations of rjk^ on i?„, we introduce the subset 

^(Fp2„)B„ = {{x,y) e ^(Fp2„) : a; e B„} 

of £;(Fp2,.). The following holds. 

Lemma 4.5. Lei (i,y) G i?(Fp2n). Then, {x,y) E E{Fp2r,)B^ if and only if 
TTp (i, y) = {x, -y) and y^O. 



Proof. The proof is verbatim the same as in Lemma 13.31 D 

We remind that, whichever the positive integer n is, the 3 rational points {x, y) € 
E{Fpn) with y = are: 

Zi = (-7,0), Z,= ^—^,oy Z3=(^ ^,0 

With the notation till now introduced and in virtue of Lemma 14.51 the following 
holds. 

Corollary 4.6. There exists an isomorphism 

i^n ■■ S(Fp2„)s„ U {Zi,Z2, Z3, 0} -^ R/in^ + 1)R, 

being the point at infinity of the curve E. 

Proof. By the aforementioned Theorem 2.3 of [B], 

i?(Fp2„) = i?/(7r2"-l)i?. 

Denote by ^2n the isomorphism between E{Fp2n) and i?/(7rp" — 1)R and by {x,y) 
a rational point of i<^(Fp2„). We have that Trp{x,y) = {x,—y) if and only if 
{x,y) e E{Fp2n)B,^ or y = 0. Since this latter is equivalent to saying that 
(x, y) e {Zi,Z2, ^3, 0}, we are done. D 
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All considered we can study the graphs G^"^ separately on the elements of An 
and Bn- The following study will resemble closely our previous investigation [3], 
given that both the elliptic curve E of the present work and the Koblitz curve of 
[3] have complex multiplication by i? = Z[w]. 

4.1.1. Structure of the cycles of the graphs Gf. . Suppose that tt" — 1 (resp. tt" + 1) 
factors in R as 

(4.6) c.^- ■ S7^- • ( n^r ) • ( n "-A ■ i^^r^ 



Vi— D + l 



where 



(1) e^,eij, all e^ and e/ are non-negative integers; 

(2) Niuj"-) = 2"-' and iV(z:J*=^) = 2^"; 

(3) for 1 < i < w the elements Pi € Z are distinct primes of R and iV(p^' ) = Pj *^* ; 

(4) ioi V + I < i < w the elements r^ g i?\Z are distinct primes of R, different 
from uj,lJ and \/— 7, and N{r1^) — p1\ for some rational integer pi such 
that riTi ^pi. 

For the sake of clarity we introduce the indices set J so defined: 
J = {lo,u) \J {i : 1 < i < w) \J {/}. 
Moreover we define, for j £ J, 

'j iije{uj,uj}, 

,Pi if j e {!,•■•,«}, 
Pj — < 

ri if j e {u + l,...,u;}, 

^ ifj = /. 

As a consequence of the factorization (14. 6p the ring i?/(7r" — 1)_R (resp. i?/(7r" + l)i?) 
is isomorphic to 

(4.7) S^Wr/p'^R. 

As regards the additive structure of the quotient rings involved in (j4.7p . we notice 
the following. 

• The additive groups of R/uj'^'^R and R/Zu'^^R are cyclic of orders 2^" and 
2'^~, respectively. Hence, there are (^(2'*'^) elements in R/oj'^^R (resp. 
if{2'^~) elements in R/uj'^R) of order 2'*'^, for each integer < h^ < e^ 
(resp. of order 2'*", for each integer < /ijj < ejj). 

• For any i G {1, . . . , u} the additive group of R/p^^R is isomorphic to the 
direct sum of two cyclic groups of order p^' . This implies that, for each 
integer < hi < et, there are Nh^ elements in R/pl'-R of order p^ ', where 

r 1 if /^, = 

' " 1 ^2/,. _p^2(h.-i) otherwise. 

• For any i G {f + 1, . . . , w} the additive group oi R/r^' R is cyclic of order p^'. 
Hence, there are fip^^) elements in R/r^^R of order p>, for each integer 
< hi < Ci. 

• The additive group of R/{^/^yf R is isomorphic to the direct sum of two 
cyclic groups of order T^fl"^^ if e/ is even, or to the direct sum of two cyclic 
groups of order respectively I'^'^s-'^)!'^ and ^'y'^s+'^)l'^ ^ if ey is odd. In the 
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case that ef is even, for each integer < hf < ef/2 there are Nh^ elements 
in R/{\/—7y^R of order I'^f , where 

1 if /i/ == 

72/1/ _ 72(^1/ -1) otherwise. 

If, on the contrary, Cf is odd, then 

r 1 if hf = 0, 

Nhf = < 72'V - raC*/-!) if l<hf< {ef - l)/2, 
[ 7e,_7e,-l if /,^. ^ (e/ + l)/2. 

Let us choose one among the maps rjk^ for a G {lu,lJ}. If (x, y) is a rational 
point of _E(Fpn) (resp. E{Fp2rz)B„), then we write P{x,y) for the image of {x,y) in 
S". 

Now we define the sets 

Zj = {0,1,..., ej}, for any j e J\{/}, 
Zf = {0,l,...,re//2l} 

and 

H^WZ,. 

Definition 4.7. Let P = (P^, . . . , Pf) e S. 

Then, we define h^ — {h^, h^, . . . , h?) in H if 

• Pcj has additive order 2'*" in S; 

• P— has additive order 2^ in S; 

• each Pi, for 1 < J < w, has additive order p^ ' in S*; 

• Pf has additive order 7'''f in S*. 

Moreover, we define o{P) = {o{Pu),o{Pzj), . . . ,o{Pf)), where o{Pj) denotes, for 
any j G J, the additive order of Pj in S. 

The following two lemmas furnish a characterization of 77^^ -periodic elements. 

Lemma 4.8. Let x G An (resp. P„j be rjk^ -periodic. Then, one of the following 
holds: 

• X = 00; 

• X is the x-coordinate of a rational point {x,y) € E(Fpn) (resp. E(Fp2n)) 
such that P(x.y) = (Pw, P~, • • • , Pf), where P„ — 0. 

Proof. If a; = 00, then x is ry^^ -periodic. 

Suppose now that x £ A„\{oo} (resp. P„). Then, (x,y) G E{Fprz) (resp. 
E(Fp2n)B„) for some y in Fpn (resp. Fp2n). Moreover, a^Pr,j.y\ = ±P(j. j^) for some 
positive integer I. In particular, (cr' ± l)Pcr = 0. Since a does not divide (ct' ± 1), 
we have that Pa — Q. □ 

Lemma 4.9. Let a G {a;,w} and P = (P^, P—, . . . , Pf) a point in S such that 
Pa = 0. Moreover, denote by Ij, for any j G J , the smallest among the positive 
integers s such that either a^ ■ Pj = Pj or a^ ■ Pj = —Pj. 

Let I' — lcm(Zj^, I—, . . . , If) and denote by I the smallest among the positive inte- 
gers s such that cr^P ~ P or a^P — —P. 

Then, for any j £ J we have that Ij is the smallest among the positive integers 

s such that p-' divides either cr" + 1 or a^ — 1 in R. Moreover, I is determined as 
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I' if either p^' | (cr' +1) for all j e J or p^' | (cr' - 1) for all j e J, 
21' otherwise. 

Proof. Fix a j £ J. If Pj — 0, then h^ — 0, Ij = 1 and p^ = 1 clearly divides both 
tr'j + 1 and cr'j — 1. Suppose now that Pj ^ 0. We notice that o{Pj) ■ Pj ^ and 

that, whichever j is, gcd(p^^ , o(Pj)) = p-^ . Therefore, 



gcdii,'' MP,)) 



Hence, if s is a positive integer such that p-' divides either cr* + 1 or cr* — 1, then 



p'^j' ■ pJ ''' divides either {a' + l)Pj or {a" - l)Pj 



J' 



namely 



Pj^P, or a^-P,=-P,. 



We can therefore conclude that Ij is also the smallest among the positive integers 

s such that p,' divides either cr* + 1 or cr* — 1 in R. 

Since ct'P = P or (t'P = — P, we have that either (J^{Pj) = Pj for all j G J or 
cr^{Pj) = —Pj for all j £ J. Then, I must be a common multiple of all Ij. In fact, 
let j £ J and suppose that 

il = lj-qj+tj 

\o<t,<i, 

for integers qj , ij . Then, 

cT^Pj = cr'^-«^+*^(Pj) == cr*^(±P,-) = ±P,-. 

By definition of Ij we conclude that tj — 0. Hence, ij \ l and Z' | l. Since cr' (Pj) = 
zbPj for any j, we get the thesis. D 

The following holds. 

Lemma 4.10. Let xq £ Fpn be rjk^ -periodic, s a positive integer and Xg = ?7| (a^o)- 
Let (xQ^yo) £ E(Fpn) (resp. E{Fp2n)B^) for some j/o G Fp" (resp. Fp2n) and 
{xs,ys) e E{Fpn.) (resp. E{¥p2^)B^) for some ys S Fpr. (resp. Fp2„/ //Q(°) = 

Proof Since x^ = Vk.^ixo), we deduce that Q(") = icr-'Q^o). Therefore, if Q(o) = 
(QL°\ Q^°\ • ■ • , Qf), then Q(^) = ±{a'QL"\ ..., a'Qf). For any j £ J\{a) we 
have that a" and pj are coprime. Therefore, for any such j , we have that h^ = 
h^ . Finally, Qa = 0, implying that h^ = h^ — 0. Therefore we can 
conclude that h^ = h^ ' . D 

If a; e P^(Fpn) is 77^^ -periodic, then we denote by 

{x)r„^ ^{TllM:r£^} 

the cycle of x with respect to the map rjk^ . 

In virtue of Lemmas 14.91 and 14.101 we can give the following definition. 

Definition 4.11. lih ~ {h^, hjj, . . . , hf) £ H, then Ch denotes the set of all cycles 
(x) of GJj" formed by the elements x £ An (resp. P„) such that exactly one of 
the following holds: 
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• .T = oo (and h = (0, 0, ... , 0)); 

• there exists y G Fpn (resp. Fp2„) such that {x,y) E E{Fpn) (resp. E{Fp2,^)B„) 
and h^i'^'y) — h. 

Moreover, by Ih we denote the length of the cycles formed by these points, by Ca^ 
the set of all cycles in graph An and by Cb„ the set of all cycles in graph i3„. 

The following holds. 

Theorem 4.12. Let Ha Q H he the set formed by all h E H such that 

• h^^O, if <T = uj; 

• h— ~ 0, if a ^ZJ. 

Let Hb Q H be the set formed by all h E H such that 

• h^ =0, if a ^ Lo; 

• h-^0,if<T = ID; 

• /i^(0,0,...,0); 

• if a = UJ and h— = 1, then hj ^ for some j G J\{lu,lu}; 

• if a — lJ and h^^ ~ 1, then hj ^ for some j G J\{a;,ZU}. 

With the above notation, 



Ca„= U Ch and Cb^= |J Ch, 

heHA heHs 



Moreover, 



n\^ 



if h Cz Ha o,nd hj = 0, for all j G J , 
if h E Ha , hzj = 1 and hj = for j ^ uJ, 
if h E Ha, huj = I and hj = for j ^ lo, 
in all other cases, 



where 



Nh 



^ ■ ^{2'^-) ■ ^(2''-) . (iinA ■ ( f[ ^(p^) 



Proof Let us analyse separately the different cases. 

• Let (x) G Ch for h G Ha with all hj = 0. Then h — h^ , where all 
Pj — 0. Therefore, a; = oo and \Ch\ — 1- 

• Let (x) G C'h, where h G HA,h— = 1 and hj = for j ^ U. Then 
h = h^ , where all Pj = for j ^ uJ. Moreover, P— has additive order 
2. Therefore, P = P(i:,y), where {x,y) G {Zi, Z2, Z^}. Since aP — P and 
a — id, we conclude that x = uj + 3 and \Ch\ ~ 1. 

• Let (x) G Cfi, where h G HA,h^ = 1 and hj = for j 7^ uj. Then 
h = h^ , where all Pj ~ for j 7^ ui. Moreover, P^ has additive order 
2. Therefore, P = P(s:,y), where {x,y) G {Zi,Z2,Z3}. Since aP = P and 
(7 = aJ, we conclude that a; = cj + 3 and \Ch\ = 1 . 

• Let (x) G Ch for some h G Hb or ft, G Ha such that none of the previous 
conditions occur. Then, (x, y) and [x, — y) are the two rational points of 
E{Fpn) (resp. E{Fp2n)B,^) with such a x-coordinate. The length of the 
cycle {x) is Ih, being Ih as explained in the current paragraph. We 
notice that /i^(^'5) = h. Moreover, the number of points Q in 5* such that 
h^ ^his 



^{2^^-)-v{2^^)-[\{N,A-[ n vip'n 



V?— l?+l 
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We conclude that 



\Ch\ = ^ • ^(2'^-) • ^(2'^-) • [i{NnA ■ [ n ^b:'') 

'' \i=l / \l = V + l / 



U 



In the following we will denote by Va„ (resp. Vb„) the set of the ?7fc^-periodic 
elements of A„ (resp. -B„). Before proceeding with the description of trees rooted 
in vertices of Va„ and Vb„ we notice that, according to [I], 

R/lo'^-'R = {y^ S^-[luY -.6, = oil}, 




The following theorem characterizes the reversed trees having root in Va„ (resp. 

VbJ- 

Theorem 4.13. Any element xq G Va„ (resp. Vb„) is the root of a reversed binary 
tree of depth e„ with the following properties. 

• If xq ^ cxD, then there are [2''"^] vertices at the level r < e^ of the tree. 
Moreover, the root has one child, while all other vertices have two children. 

• If xo = oo, then there are [2'""^] vertices at the level r < e^ of the tree. 
Moreover, the root and the vertex at the level 1 have one child, while all 
other vertices have two children. 

Proof. The proof of this theorem is verbatim almost the same of the proof of The- 
orem [STTlJ More precisely, we just need to modify some notations inside the proof: 

• replace any occurrence of Qo by Qa\ 

• replace any occurrence of Qo with Qo-i 

• replace any "z ^ 0" by "j G J\{(t}\ 

• replace any occurrence of dk^ with 77^^ ; 

n 
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